You can probably use LXD’s own network ACL feature:
For bridge networks this cannot prevent intra-bridge communication (i.e. communication between instance NICs connected to the same bridge), but you already have security.port_isolation for that. However, it can prevent inter-bridge routed communication.
This sounds similar to "How to stop traffic from being forwarded between lxd managed interfaces" (#6 by tomp).